HIPAA
Scenarios- WWYD?
HITECH
100

Name, DOB, Address, SSN, MA number, and diagnoses are all examples of what kind of information?

What is PHI? Protected Health Information

100

Your client, Mr. Wallace, has been seeing you for a few months now. Wallace's wife calls and wants to pick up his records. What do you do? 

Essentially... 

-Can't confirm that's Mrs. Wallace 

-Can't confirm or deny you see Mr. Wallace

-Request that Mrs. Wallace talk with Mr. Wallace and have him complete a medical release form. She can still pick it up, if Mr. Wallace consents to that.


100

HITECH stands for...

Health Information Technology for Economic and Clinical Health Act. 

200

HIPAA stands for... 

What is Health Insurance Portability and Accountability Act? 

200
A health insurance representative calls and starts asking about your client. 

-Hang up and dial the direct line. We cannot confirm that it is truly a representative; it might be a scammer.

200

This is Connecticut's statewide system for Health Information Exchange.

What is Connie?

300

This rule is a set of federal regulations that sets national standards for protecting individuals' personal health information. 

What is the Privacy Rule? 

300
It's Friday and you have to finish up your treatment notes. You have a birthday dinner to attend after work. Where should you complete your notes? At the restaurant? At your home? At work?

At work on your work computer. 

300

Why was HITECH enacted?

It was enacted to increase patients' rights over their electronic protected health information (ePHI), increase restrictions on disclosure of PHI, increase fines and penalties for HIPAA violations, and bring funding for compliance audits.

400

This is defined as a health plan, a health provider, a health clearing house (or a database).

What is a common entity?

400

One of your coworkers saves their files containing PHI on a USB. One morning, they tell you that they lost it on the train. This USB has over 200 clients' PHI! What should they do? What should you do? 

-Ask if the USB is encrypted or password protected.

Bonus 100pts: They tell you it's not... now what?

400

True or False? All incidents regarding improper disclosure of PHI qualify as a breach.

False. Incidents that pose a low risk of harm to the client/patient (e.g., incidental disclosures, unintentional internal disclosures with no further disclosure, impermissible access and retraction where the individual is not expected to remember the info) do not qualify as a breach.

500

In CT, this Health Information Exchange (HIE), a secure electronic way for health care providers and organizations to share clinical information about their patients, is called...

What is CONNIE? 

500

You're stressed. You're on a time crunch to complete your notes. One of your coworkers says that they use AI to write their treatment notes. What do you do? 

-Don't use AI to write your treatment notes. 

-If you do, you must de-identify your patient. 

500

What are 3 ways to ensure you/your agency are HITECH compliant?

- Use secure systems

- Control access 

- Written policies

- Train staff

- Business associate agreements

- Breach notification 

- Regular audits

- Informed consent